[ale] SSH attempts

Michael B. Trausch mike at trausch.us
Mon Sep 19 13:00:26 EDT 2011


On Mon, 2011-09-19 at 12:56 -0400, Bob Toxen wrote:
> On Mon, Sep 19, 2011 at 12:30:45PM -0400, Michael B. Trausch wrote:
> > On Mon, 2011-09-19 at 12:10 -0400, Bob Toxen wrote:
> > > This is why it is critical to have both a bootloader (grub or
> lilo)
> > > password and also a BIOS password.  They can be set so that the
> > > password is needed ONLY when booting other than the default device
> > > (BIOS) or default kernel environment (bootloader). 
> 
> > I have seen that functionality in a bootloader, but never before in
> a
> > BIOS.  What systems come with a BIOS that has that feature, do you
> know?
> > That would be a nice feature to have.  Then again, I'm not sure that
> it
> > would matter: physical access means that you can wipe the BIOS
> password,
> > and then we're back at square one, being able to pwn the box.
> EVERY i86 BIOS I have seen has this feature.  Boot into the BIOS and
> go through the screens looking for an option to set the password,
> sometimes called the "supervisor password".  Just don't forget it.
> (Yes, it can be erased by those who know how.) 

On my systems, this simply prevents entering the BIOS.

It does not disable or password-protect the boot list feature, however.
So, I'd still be interested if you know a BIOS that does that.

(I'd also be interested if you know about a secure BIOS that doesn't
have the "feature" of being able to have its password wiped in 45
seconds...)

	--- Mike

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                  --- Carveth Read, “Logic”



More information about the Ale mailing list